Exam (elaborations)
CS 340 midterm 2 Questions and answers latest update
- Course
- CSCI 340
- Institution
- University Of Illinois - Chicago
CS 340 midterm 2 Questions and answers latest update
[Show more]
Content preview
CS 340 midterm 2What are validation and verification? How are these processes different?
ANS✔✔ The main purpose of validation and verification is to improve
software quality.
Validation aims to answer the question: Have I build the right product (Does
the product meet the needs?). Performed at a higher level than verification.
Requirements testing and architectural reviews.
Verification: Have I built the product right? Verification is to use examination
and objective evidence to determine that a specified requirements have been
fulfilled. Might use intermediate requirements
What is a software defect? What is the relationship between defects and
software quality? ANS✔✔ Broadly can be thought of as some sort of error in
your product. 4 Levels of defect severity:
Level 1: Critical defect that results in total stoppage of usage; no workaround.
Level 2: Major defect that affects some major functionality or major data. There
is a workaround but is not obvious and difficult.
Level 3: Minor defect that affect some minor functionality or non-critical data.
Typically have an easier workaround.
Level 4: Trivial defects that don't really affect functionality or data. They don't
need a workaround, just cause an inconvenience.
What are the different mechanisms for measuring the size of a software
project? What are their benefits and drawbacks? ANS✔✔ Lines of code is the
primary metric for measurement of program size. This has a major issue in
that it is hard to compare projects that use different languages; some languages
perform the same functions in a different amount of lines. Within a language,
,lines are fairly consistent, with light variance based on each person's coding
habits. Another issue is should whitespace and brackets be counted?
For each customer requirements, assign a number of points to them, and add
them up as they are integrated. This is better for multi-language projects but
the amount of points is still subjective.
Understand and be able to discuss the major conclusions from Casper Jones'
survey on software quality. ANS✔✔ Had 3 Metrics:
Defect potentials: Total number of different types of errors in the software
Defect discovery Efficiency: % of defects discovered before release.
Defect Removal Efficiency: % of defects removed before release.
The study found that it is necessary to predefine things such as cost-per-defect,
in what way to quantify defects, and how to measure software quality.
Having these definitions prior to starting a project, allows for high-quality
software to be written from the start, which leads to fewer defects and less cost-
per-fix.
Analysis of types of defects and cost-per-fix results from this, providing quick
information about project overview.
Understand the Apple SSL security vulnerability that we discussed in class.
How could Apple have prevented this vulnerability? ANS✔✔ The
vulnerability stemmed from a bug that was located in the SSL layer of iOS 6.0,
that allowed Man-in-the-middle attacks. The bug was caused by an extra goto
statement. This would have been caught if the code was reviewed by others for
consistency.
What is static analysis? What are its advantages and limitations? ANS✔✔
Static Analysis are a set of tools that allow improving code with little effort.
, They are run on the source code, like a compiler. It should not replace
traditional testing, but can heavily supplement existing tests and provide
suggestions for improvements.
It has the advantages of a user not needing to know the intricacies of the
source code to be able to run them and get suggestions. It can catch things such
as syntax errors or unused variables.
There are some disadvantages that prevent it from being an all-purpose tool.
Since it is not run at runtime, it cannot detect issues that would arise from
input, or from misuse of pointers. It also does not detect performance or
memory errors.
Understand the meaning of the quote 'program testing can be used very
effectively to show the presence of bugs but never to show their absence.
ANS✔✔ This quote refers to how certain assumptions are made by
programmers when writing code, such as if multiplication works properly.
This sort of thing COULD be tested, but would take an inordinate amount of
time. This means that for as much testing as we can do, it would not be enough
to cover all ground, and we simply have to assume certain things work based
on smaller samples.
What are the benefits of using testing to improve software quality? ANS✔✔
Testing can reveal the presence of errors
Can find bugs that would result in expensive fixes if they were to be left in
before release.
Can catch unexpected issues that arise due to code refactoring. If one refactors
a low-level function under a different set of assumptions, testing may be able to
catch resulting unexpected behavior or usage under the scope of the modified
underlying assumptions, therefore catching cascading issues before they affect
higher-level code.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Schoolflix. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
80796 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now